Microsoft SQL Server - Resolve "The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption."

by
Jeremy Canfield |
Updated: December 07 2021
| Microsoft SQL Server articles
Let's say the following error is being returned when connecting to Microsoft SQL Server from a Java client.
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)".
This error can occur when the SSL or TLS version being used is listed as a disabled algorithm in the java.security file. On a Linux system, use the which command to determine the installation directory for the java CLI.
~]$ which java
/usr/bin/java
Determine where the Java files are installed.
~]$ ls -l /usr/bin/java
lrwxrwxrwx 1 root root 22 Dec 6 07:55 /usr/bin/java -> /etc/alternatives/java
~]$ ls -l /etc/alternatives/java
lrwxrwxrwx 1 root root 73 Dec 6 07:55 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/jre/bin/java
Find the java.security file.
~]$ find /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64 | grep java.security
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/jre/lib/security/java.security
The java.security file should have disabled algorithms. Let's say algorithm TLSv1.1 is being used, and is listed as a disabled algorithm. This can cause the error. In this scenario, there are a couple options.
- Use a different algorithm when connecting to Microsoft SQL Server
- Remove the algorithm from the list of disabled algorithms in the java.security file
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Did you find this article helpful?
If so, consider buying me a coffee over at